package cn.wawi.controller.sys;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import cn.wawi.common.R;
import cn.wawi.controller.BaseController;
import cn.wawi.dao.sys.UserDao;
import cn.wawi.entity.sys.User;
import cn.wawi.utils.StrKit;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
/**
 * controller继承 BaseController 拥有
 * findAll       查询所有不分页
 * findOne       查询一条记录
 * findAllByPage 查询所有，分页
 * deleteBatch 批量删除
 * updateBatch 批量更新状态
 * deleteOne 根据主键删除
 * saveORupdate 主键id不为空时更新,否则保存
 */
@Controller
@RequestMapping("/sys_user")
public class UserController extends BaseController<User>{
	@Resource
	protected UserDao<User> userDao;
	
	/**
	 * 修改密码
	 */
	@ResponseBody
	@RequestMapping(value="/updatePassword",method=RequestMethod.POST)
	public R<User> updatePassword(String password,String newPassword){
		if(StrKit.isBlank(newPassword)){
			return error("新密码不为能空!");
		}
		password=new Md5Hash(password,getUser().getUsername(),2).toString();
		newPassword=new Md5Hash(newPassword,getUser().getUsername(),2).toString();
		//更新密码
		int count = userDao.updatePassword(getUser().getId(), password, newPassword);
		if(count == 0){
			return error("原密码不正确!");
		}
        return success("密码修改成功!");
	}
	/**
	 * 用户登陆
	 */
	@RequestMapping(value="/login",method={RequestMethod.POST,RequestMethod.GET})
	public String login(HttpServletRequest request,HttpServletResponse response)throws Exception{
		
		//如果登陆失败从request中获取认证异常信息，shiroLoginFailure就是shiro异常类的全限定名
		String exceptionClassName = (String) request.getAttribute("shiroLoginFailure");
		String message="";
		//根据shiro返回的异常类路径判断，抛出指定异常信息
		if(exceptionClassName!=null){
			if (UnknownAccountException.class.getName().equals(exceptionClassName)) {
				//最终会抛给异常处理器
				message="用户名/密码错误!";
			} else if (IncorrectCredentialsException.class.getName().equals(exceptionClassName)) {
				message="用户名/密码错误!";
			} else if("randomCodeError".equals(exceptionClassName)){
				message="验证码错误!";
			}else if (ExcessiveAttemptsException.class.getName().equals(exceptionClassName)) {
				message="登录失败次数过多,超过2次将锁定10分钟!";
			}else if (LockedAccountException.class.getName().equals(exceptionClassName)) {
				message="帐号已被锁定10分钟!";
			}else if (DisabledAccountException.class.getName().equals(exceptionClassName)) {
				message="帐号已被禁用10分钟!";
			}else if (ExpiredCredentialsException.class.getName().equals(exceptionClassName)) {
				message="帐号已过期!";
			}else {
				message="用户名/密码错误!";
			}
		}
		//此方法不处理登陆成功（认证成功），shiro认证成功会自动跳转到上一个请求路径
		//登陆失败还到login页面
		request.setAttribute("msg", message);
		request.setAttribute("username", request.getParameter("username"));
		return "core/login";
	}
}
